7.3
Table Of Contents
- Managing vRealize Automation
- Contents
- Managing vRealize Automation
- Updated Information
- Maintaining and Customizing vRealize Automation Components and Options
- Broadcast a Message on the Message Board Portlet
- Starting Up and Shutting Down vRealize Automation
- Updating vRealize Automation Certificates
- Extracting Certificates and Private Keys
- Replace Certificates in the vRealize Automation Appliance
- Replace the Infrastructure as a Service Certificate
- Replace the IaaS Manager Service Certificate
- Update Embedded vRealize Orchestrator to Trust vRealize Automation Certificates
- Update External vRealize Orchestrator to Trust vRealize Automation Certificates
- Updating the vRealize Automation Appliance Management Site Certificate
- Replace a Management Agent Certificate
- Change the Polling Method for Certificates
- Managing the vRealize Automation Postgres Appliance Database
- Backup and Recovery for vRealize Automation Installations
- The Customer Experience Improvement Program
- Adjusting System Settings
- Monitoring vRealize Automation
- Monitoring vRealize Automation Health
- Monitoring and Managing Resources
- Monitoring Containers
- Bulk Import, Update, or Migrate Virtual Machines
2 Record the value from the id attribute of the agentConfiguration element.
<agentConfiguration id="0E22046B-9D71-4A2B-BB5D-70817F901B27">
Replace the vRealize Automation Appliance Management Site Certiļ¬cate
If the SSL certificate of the management site service expires, or you started with a self-signed certificate
and site policies require a different one, you can replace the certificate.
You are allowed to reuse the certificate used by the vRealize Automation service on port 443, or use a
different one. If you are requesting a new CA-issued certificate to update an existing certificate, a best
practice is to reuse the Common Name from the existing certificate.
Note The vRealize Automation appliance uses lighttpd to run its own management site. You secure the
management site service on port 5480.
Prerequisites
n
The certificate must be in PEM format.
n
The certificate must include both of the following, in order, together in one file:
a RSA private key
b Certificate chain
n
The private key cannot be encrypted.
n
The default location and file name is /opt/vmware/etc/lighttpd/server.pem.
See Extracting Certificates and Private Keys for more information about exporting a certificate and private
key from a Java keystore to a PEM file.
Procedure
1 Log in by using the appliance console or SSH.
2 Back up your current certificate file.
cp /opt/vmware/etc/lighttpd/server.pem /opt/vmware/etc/lighttpd/server.pem-bak
3 Copy the new certificate to your appliance by replacing the content of the
file /opt/vmware/etc/lighttpd/server.pem with the new certificate information.
4 Run the following command to restart the lighttpd server.
service vami-lighttp restart
5 Run the following command to restart the haproxy service.
service haproxy restart
6 Log in to the management console and validate that the certificate is replaced. You might need to
restart your browser.
Managing vRealize Automation
VMware, Inc. 23